More and more drive encryption is being used. Problem is that Acronis won't see the encryption and is forced into sector image copy.

When you have a 300GB encrypted drive with 10GB data the image file will still be about 300GB.

The only way to let this work is let TrueImage recognize the encryption.

Are you planning on adding an Acronis Encryption module in the future or to recognize other drive encryptions?

Thanks in advance

P.S. this feature is greatly wanted….


I see your problem, but if you want encryption on your hard disk as well as in your backups you are making life difficult if you are asking to decrypt in order to encrypt again to a backup. Sometimes good layering makes life easy, and actually disk space is cheap. I know which solution I would go for - we already have it.

Some companies want to encrypt their data on the live SYSTEM for when the stuff gets stolen. Now when you do that, your image of, for example, a 300GB drive with only 10GB used will also be 300GB because TrueImage does not recognize my partition and files (because they are encrypted).

Just a bit of speculating here but I wonder how practical it is to expect TI or any other imaging program to be able to make sense out of somebody's encrypted disk - especially since the encryption company has gone to great pains to make sure nobody can figure the thing out. Does anybody offer used-sector-only imaging of encrypted disks?

Even though imaging bypasses the file system, it is obvious that it has to be able to understand some aspects of it to create its in-use sector map.

A possible, but not totally secure solution for imaging, would be to set up a smaller partition for the sensitive data and then just image the whole thing.

I find this an interesting subject and am interested in learning more about it. I certainly agree that there is a real need to protect computers, especially portable computers, against data theft.

Hmm, interesting. TI works at the in-use sector level unless it is unable to recognise the file system (unsupported file system or damaged supported file system) when it then reverts to RAW sector-by-sector copying.

So I guess the question is - does drive encryption mess around with the actual file system or does it merely encrypt the data residing on the in-use sectors that a particular file system uses?

Supporting all 3rd party standard (and god help us, proprietary as well) encryption formats would be practically impossible for Acronis to do.

Only working solution is to get Acronis to run on top of the encryption solution. One likely working way would be to run the Acronis on top of OS (that all live backups are run anyway).

"Likely" is there, because I haven't tested it; there is a risk that it doesn't get along with the encryption software drivers, but that depends also on the encryption provider.

If everything works, then the security effectively boils down to that the created image has to be encrypted as well. Currently Acronis does not support on-the-fly (or any other for that matter, but on-the-fly is the only really safe way) encryption.

So you need some encrypted disk to store the unencrypted image (such as another partition or virtual encrypted partition solution) within which you can then file-level encrypt the image for secure safekeeping.

I have added to the Wish list the on-the-fly encryption wish, as currently our server backups for 3 servers all have to be file-level encrypted after Acronis backups and we cannot use any automatic FTP or other deployments on the ATI because of this.

Some companies want to encrypt their data on the live SYSTEM for when the stuff gets stolen. Now when you do that, your image of, for example, a 300GB drive with only 10GB used will also be 300GB because TrueImage does not recognize my partition and files (because they are encrypted).

Do we have an understanding here?

Hi Jude

I didn't realise that encryption changed the partition such that a raw read would fail. Can you explain why that happens?

I just want to make a couple points regarding backing up an encrypted disk. Something I do every day.

1. When a hard disk is encrypted ALL data becomes unintelligible information (basically random data). The encryption program (PGP WDE, Drive Crypt Plus Pack, etc.) never decrypts the data on the hard disk. The program reads the encrypted data from the disk and decrypts a copy of the data in RAM. Hence - "On The Fly Encryption"

2. I have not tried to perform a backup with Acronis TI using the CD, but it works in Ghost. However, I highly advise against performing a backup this way for two reasons. First, the backup file will be equal to the size of the drive being backed up (random data cannot be compressed), and secondly copying files of this size is very problematic.

3. Solution - Perform backup of your drive while running in Windows. If you need to keep your data safe then copy to another encrypted hard disk, encrypted USB drive, etc. Or, you could use Ghost 10 which supports encryption of image files.

Does anyone know if there is an Acronis Image product that encrypts its images using tried and true algorithms?
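The size effect described in points 2 and 3 above, as an added example that is not part of the original thread: a scaled-down disk image (about 3% used) is compressed as plaintext, compressed after whole-disk encryption, and compressed before encryption. The sample image, the key and the SHA-256 counter-mode keystream are constructed for the demonstration and stand in for a real disk cipher.

```python
import hashlib
import zlib

SECTOR = 512

def keystream(key, sector_no, length):
    # Toy per-sector keystream (SHA-256 in counter mode); an assumption for
    # this demo, standing in for a real disk cipher.
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = key + sector_no.to_bytes(8, "little") + block.to_bytes(4, "little")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])

def encrypt_image(image, key):
    # Whole-disk encryption: every sector is transformed, used or empty.
    out = bytearray()
    for off in range(0, len(image), SECTOR):
        sector = image[off:off + SECTOR]
        ks = keystream(key, off // SECTOR, len(sector))
        out += bytes(a ^ b for a, b in zip(sector, ks))
    return bytes(out)

def build_sample_image(total_sectors=3000, used_sectors=100):
    # Constructed sample: about 3% used, like 10 GB of data on a 300 GB drive.
    used = b"".join(
        (b"record %06d: name, address, balance\n" % n * 16)[:SECTOR]
        for n in range(used_sectors)
    )
    return used + bytes((total_sectors - used_sectors) * SECTOR)

def backup_sizes(key=b"constructed demo key"):
    plain = build_sample_image()
    cipher = encrypt_image(plain, key)
    return {
        "raw": len(plain),
        # Imaging inside the running OS: the tool sees plaintext and compresses it.
        "compress_plain": len(zlib.compress(plain)),
        # Imaging from boot media: the tool sees ciphertext only.
        "compress_cipher": len(zlib.compress(cipher)),
        # Compress first, then encrypt the image: the small size is kept.
        "compress_then_encrypt": len(encrypt_image(zlib.compress(plain), key)),
    }

if __name__ == "__main__":
    for name, size in backup_sizes().items():
        print(f"{name:>22}: {size:>9} bytes")
```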

First, the backup file will be equal to the size of the drive being backed up (random data cannot be compressed)


This seems true as data which tends to lack repeating patterns will offer little or no compression. For non disk based encryption systems (e.g. file or stream) the conventional way of doing this would be to compress first then encrypt.

writedom said:

2. I have not tried to perform a backup with Acronis TI using the CD, but it works in Ghost.

Which makes me wonder if ATI's failure to back up encrypted disk systems (compression aside) is just a partition type issue. My understanding is that if it does not recognise the filesystem (partition type) it reverts to raw sector copy mode. I don't yet get why it can't do this. All it needs to be able to do is a) Interpret the address range of the partition from the partition table in the MBR, and then b) Address and read the sectors in that partition. Data is just data. I can't see that the MBR will have been encrypted so what exactly is stopping ATI doing such a backup?
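Steps a) and b) from the post above, as an added example that is not part of the original thread: read the partition's address range from the MBR partition table, then copy its sectors without interpreting them. The disk image is constructed, partition type 0x07 is an arbitrary sample value, and only the four primary entries of a classic MBR are handled (no extended partitions, no GPT).

```python
import io
import struct

SECTOR = 512
TABLE_OFFSET = 446          # partition table follows the boot code
SIGNATURE = b"\x55\xaa"     # boot signature at bytes 510-511

def parse_mbr(mbr):
    """Return the used primary partition entries of a classic MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0 and count != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba_start, "sectors": count})
    return parts

def raw_copy(disk, part):
    """Read a partition sector by sector without interpreting its contents."""
    disk.seek(part["lba_start"] * SECTOR)
    data = disk.read(part["sectors"] * SECTOR)
    if len(data) != part["sectors"] * SECTOR:
        raise IOError("partition extends past the end of the disk")
    return data

def build_sample_disk():
    # Constructed 64-sector disk: one partition at LBA 8, 16 sectors long,
    # filled with opaque bytes standing in for ciphertext. Type 0x07 is an
    # arbitrary choice for the sample.
    opaque = bytes((i * 131 + 7) % 256 for i in range(16 * SECTOR))
    mbr = bytearray(SECTOR)
    mbr[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack("<B3xB3xII", 0x80, 0x07, 8, 16)
    mbr[510:512] = SIGNATURE
    return bytes(mbr) + bytes(7 * SECTOR) + opaque + bytes(40 * SECTOR), opaque

if __name__ == "__main__":
    image, _ = build_sample_disk()
    disk = io.BytesIO(image)
    for p in parse_mbr(disk.read(SECTOR)):
        print(p, len(raw_copy(disk, p)), "bytes copied")
```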

SecureDoc WAS able to have you back up an actual encrypted partition, and restore it to the hard drive, along with MBR 0; we found that the first bootup of this worked, but then something happens to the MBR table.

So, I've been testing this with them, and the best workaround for backup is

1. Boot up in Windows.
2. Do backups from WITHIN Windows.
You have now created an UNENCRYPTED backup of the partition (C:, for example).
3. For security, LOCK THIS BACKUP up in a safe!!

To restore -
Get your new/spare/etc. hard drive, create an MBR on it, and reload the C: partition to it.
You now have an unencrypted restore.
Re-encrypt this.

That may sound like a round-robin with extra steps, BUT it has BEEN RELIABLE for me, over past two months, in testing this.

My main goal is to have a path to restore, in case of disaster. I now have that.

I encrypt my tablet PC (medical and financial data); the data is essentially bulletproof. If it gets stolen, all I've lost is the hardware.